aws-sdk-s3 1.61.2 → 1.83.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/aws-sdk-s3.rb +5 -2
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +62 -0
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +71 -0
- data/lib/aws-sdk-s3/bucket.rb +61 -10
- data/lib/aws-sdk-s3/bucket_acl.rb +7 -0
- data/lib/aws-sdk-s3/bucket_cors.rb +15 -2
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +14 -1
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +14 -1
- data/lib/aws-sdk-s3/bucket_logging.rb +7 -0
- data/lib/aws-sdk-s3/bucket_notification.rb +7 -0
- data/lib/aws-sdk-s3/bucket_policy.rb +14 -1
- data/lib/aws-sdk-s3/bucket_region_cache.rb +2 -0
- data/lib/aws-sdk-s3/bucket_request_payment.rb +7 -0
- data/lib/aws-sdk-s3/bucket_tagging.rb +14 -1
- data/lib/aws-sdk-s3/bucket_versioning.rb +17 -0
- data/lib/aws-sdk-s3/bucket_website.rb +18 -3
- data/lib/aws-sdk-s3/client.rb +2521 -1187
- data/lib/aws-sdk-s3/client_api.rb +188 -18
- data/lib/aws-sdk-s3/customizations.rb +3 -0
- data/lib/aws-sdk-s3/customizations/bucket.rb +11 -4
- data/lib/aws-sdk-s3/customizations/multipart_upload.rb +2 -0
- data/lib/aws-sdk-s3/customizations/object.rb +23 -5
- data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
- data/lib/aws-sdk-s3/customizations/types/list_object_versions_output.rb +2 -0
- data/lib/aws-sdk-s3/encryption.rb +4 -0
- data/lib/aws-sdk-s3/encryption/client.rb +18 -5
- data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +72 -26
- data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb +43 -5
- data/lib/aws-sdk-s3/encryption/default_key_provider.rb +2 -0
- data/lib/aws-sdk-s3/encryption/encrypt_handler.rb +13 -2
- data/lib/aws-sdk-s3/encryption/errors.rb +2 -0
- data/lib/aws-sdk-s3/encryption/io_auth_decrypter.rb +2 -0
- data/lib/aws-sdk-s3/encryption/io_decrypter.rb +11 -3
- data/lib/aws-sdk-s3/encryption/io_encrypter.rb +2 -0
- data/lib/aws-sdk-s3/encryption/key_provider.rb +2 -0
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +34 -3
- data/lib/aws-sdk-s3/encryption/materials.rb +8 -6
- data/lib/aws-sdk-s3/encryption/utils.rb +25 -0
- data/lib/aws-sdk-s3/encryptionV2/client.rb +566 -0
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +226 -0
- data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +170 -0
- data/lib/aws-sdk-s3/encryptionV2/default_key_provider.rb +40 -0
- data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +69 -0
- data/lib/aws-sdk-s3/encryptionV2/errors.rb +37 -0
- data/lib/aws-sdk-s3/encryptionV2/io_auth_decrypter.rb +58 -0
- data/lib/aws-sdk-s3/encryptionV2/io_decrypter.rb +37 -0
- data/lib/aws-sdk-s3/encryptionV2/io_encrypter.rb +73 -0
- data/lib/aws-sdk-s3/encryptionV2/key_provider.rb +31 -0
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +169 -0
- data/lib/aws-sdk-s3/encryptionV2/materials.rb +60 -0
- data/lib/aws-sdk-s3/encryptionV2/utils.rb +103 -0
- data/lib/aws-sdk-s3/encryption_v2.rb +23 -0
- data/lib/aws-sdk-s3/errors.rb +2 -0
- data/lib/aws-sdk-s3/event_streams.rb +7 -0
- data/lib/aws-sdk-s3/file_downloader.rb +10 -8
- data/lib/aws-sdk-s3/file_part.rb +2 -0
- data/lib/aws-sdk-s3/file_uploader.rb +14 -1
- data/lib/aws-sdk-s3/legacy_signer.rb +2 -0
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +39 -2
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +3 -1
- data/lib/aws-sdk-s3/multipart_upload.rb +18 -1
- data/lib/aws-sdk-s3/multipart_upload_error.rb +2 -0
- data/lib/aws-sdk-s3/multipart_upload_part.rb +66 -7
- data/lib/aws-sdk-s3/object.rb +174 -23
- data/lib/aws-sdk-s3/object_acl.rb +15 -0
- data/lib/aws-sdk-s3/object_copier.rb +2 -0
- data/lib/aws-sdk-s3/object_multipart_copier.rb +2 -0
- data/lib/aws-sdk-s3/object_summary.rb +185 -20
- data/lib/aws-sdk-s3/object_version.rb +44 -4
- data/lib/aws-sdk-s3/plugins/accelerate.rb +29 -38
- data/lib/aws-sdk-s3/plugins/arn.rb +187 -0
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +2 -2
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +3 -1
- data/lib/aws-sdk-s3/plugins/dualstack.rb +5 -1
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +3 -4
- data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +2 -0
- data/lib/aws-sdk-s3/plugins/http_200_errors.rb +11 -3
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +3 -1
- data/lib/aws-sdk-s3/plugins/location_constraint.rb +2 -0
- data/lib/aws-sdk-s3/plugins/md5s.rb +26 -25
- data/lib/aws-sdk-s3/plugins/redirects.rb +2 -0
- data/lib/aws-sdk-s3/plugins/s3_host_id.rb +2 -0
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +31 -7
- data/lib/aws-sdk-s3/plugins/sse_cpk.rb +3 -1
- data/lib/aws-sdk-s3/plugins/streaming_retry.rb +118 -0
- data/lib/aws-sdk-s3/plugins/url_encoded_keys.rb +2 -0
- data/lib/aws-sdk-s3/presigned_post.rb +68 -32
- data/lib/aws-sdk-s3/presigner.rb +102 -34
- data/lib/aws-sdk-s3/resource.rb +4 -2
- data/lib/aws-sdk-s3/types.rb +2016 -256
- data/lib/aws-sdk-s3/waiters.rb +2 -0
- metadata +23 -6
- data/lib/aws-sdk-s3/plugins/bucket_arn.rb +0 -211
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# WARNING ABOUT GENERATED CODE
|
2
4
|
#
|
3
5
|
# This file is generated. See the contributing guide for more information:
|
@@ -232,6 +234,7 @@ module Aws::S3
|
|
232
234
|
# mfa: "MFA",
|
233
235
|
# request_payer: "requester", # accepts requester
|
234
236
|
# bypass_governance_retention: false,
|
237
|
+
# expected_bucket_owner: "AccountId",
|
235
238
|
# })
|
236
239
|
# @param [Hash] options ({})
|
237
240
|
# @option options [String] :mfa
|
@@ -252,6 +255,10 @@ module Aws::S3
|
|
252
255
|
# @option options [Boolean] :bypass_governance_retention
|
253
256
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
254
257
|
# restrictions to process this operation.
|
258
|
+
# @option options [String] :expected_bucket_owner
|
259
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
260
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
261
|
+
# Denied)` error.
|
255
262
|
# @return [Types::DeleteObjectOutput]
|
256
263
|
def delete(options = {})
|
257
264
|
options = options.merge(
|
@@ -282,6 +289,7 @@ module Aws::S3
|
|
282
289
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
283
290
|
# request_payer: "requester", # accepts requester
|
284
291
|
# part_number: 1,
|
292
|
+
# expected_bucket_owner: "AccountId",
|
285
293
|
# })
|
286
294
|
# @param [Hash] options ({})
|
287
295
|
# @option options [String] :if_match
|
@@ -299,7 +307,16 @@ module Aws::S3
|
|
299
307
|
# @option options [String] :range
|
300
308
|
# Downloads the specified range bytes of an object. For more information
|
301
309
|
# about the HTTP Range header, see
|
302
|
-
# [
|
310
|
+
# [https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35][1].
|
311
|
+
#
|
312
|
+
# <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
|
313
|
+
# `GET` request.
|
314
|
+
#
|
315
|
+
# </note>
|
316
|
+
#
|
317
|
+
#
|
318
|
+
#
|
319
|
+
# [1]: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
|
303
320
|
# @option options [String] :response_cache_control
|
304
321
|
# Sets the `Cache-Control` header of the response.
|
305
322
|
# @option options [String] :response_content_disposition
|
@@ -320,7 +337,7 @@ module Aws::S3
|
|
320
337
|
# encrypting data. This value is used to store the object and then it is
|
321
338
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
322
339
|
# be appropriate for use with the algorithm specified in the
|
323
|
-
# `x-amz-server-side
|
340
|
+
# `x-amz-server-side-encryption-customer-algorithm` header.
|
324
341
|
# @option options [String] :sse_customer_key_md5
|
325
342
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
326
343
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
@@ -340,6 +357,10 @@ module Aws::S3
|
|
340
357
|
# between 1 and 10,000. Effectively performs a 'ranged' GET request
|
341
358
|
# for the part specified. Useful for downloading just a part of an
|
342
359
|
# object.
|
360
|
+
# @option options [String] :expected_bucket_owner
|
361
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
362
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
363
|
+
# Denied)` error.
|
343
364
|
# @return [Types::GetObjectOutput]
|
344
365
|
def get(options = {}, &block)
|
345
366
|
options = options.merge(
|
@@ -364,6 +385,7 @@ module Aws::S3
|
|
364
385
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
365
386
|
# request_payer: "requester", # accepts requester
|
366
387
|
# part_number: 1,
|
388
|
+
# expected_bucket_owner: "AccountId",
|
367
389
|
# })
|
368
390
|
# @param [Hash] options ({})
|
369
391
|
# @option options [String] :if_match
|
@@ -381,7 +403,16 @@ module Aws::S3
|
|
381
403
|
# @option options [String] :range
|
382
404
|
# Downloads the specified range bytes of an object. For more information
|
383
405
|
# about the HTTP Range header, see
|
384
|
-
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35]
|
406
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35][1].
|
407
|
+
#
|
408
|
+
# <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
|
409
|
+
# `GET` request.
|
410
|
+
#
|
411
|
+
# </note>
|
412
|
+
#
|
413
|
+
#
|
414
|
+
#
|
415
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
|
385
416
|
# @option options [String] :sse_customer_algorithm
|
386
417
|
# Specifies the algorithm to use to when encrypting the object (for
|
387
418
|
# example, AES256).
|
@@ -390,7 +421,7 @@ module Aws::S3
|
|
390
421
|
# encrypting data. This value is used to store the object and then it is
|
391
422
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
392
423
|
# be appropriate for use with the algorithm specified in the
|
393
|
-
# `x-amz-server-side
|
424
|
+
# `x-amz-server-side-encryption-customer-algorithm` header.
|
394
425
|
# @option options [String] :sse_customer_key_md5
|
395
426
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
396
427
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
@@ -410,6 +441,10 @@ module Aws::S3
|
|
410
441
|
# between 1 and 10,000. Effectively performs a 'ranged' HEAD request
|
411
442
|
# for the part specified. Useful querying about the size of the part and
|
412
443
|
# the number of parts in this object.
|
444
|
+
# @option options [String] :expected_bucket_owner
|
445
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
446
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
447
|
+
# Denied)` error.
|
413
448
|
# @return [Types::HeadObjectOutput]
|
414
449
|
def head(options = {})
|
415
450
|
options = options.merge(
|
@@ -488,6 +523,7 @@ module Aws::S3
|
|
488
523
|
# mfa: "MFA",
|
489
524
|
# request_payer: "requester", # accepts requester
|
490
525
|
# bypass_governance_retention: false,
|
526
|
+
# expected_bucket_owner: "AccountId",
|
491
527
|
# })
|
492
528
|
# @param options ({})
|
493
529
|
# @option options [String] :mfa
|
@@ -509,6 +545,10 @@ module Aws::S3
|
|
509
545
|
# Specifies whether you want to delete this object even if it has a
|
510
546
|
# Governance-type Object Lock in place. You must have sufficient
|
511
547
|
# permissions to perform this operation.
|
548
|
+
# @option options [String] :expected_bucket_owner
|
549
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
550
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
551
|
+
# Denied)` error.
|
512
552
|
# @return [void]
|
513
553
|
def batch_delete!(options = {})
|
514
554
|
batch_enum.each do |batch|
|
@@ -1,36 +1,48 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Aws
|
2
4
|
module S3
|
3
5
|
module Plugins
|
4
|
-
|
5
6
|
# Provides support for using `Aws::S3::Client` with Amazon S3 Transfer
|
6
7
|
# Acceleration.
|
7
8
|
#
|
8
9
|
# Go here for more information about transfer acceleration:
|
9
10
|
# [http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html](http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
|
10
11
|
class Accelerate < Seahorse::Client::Plugin
|
11
|
-
|
12
|
-
|
12
|
+
option(
|
13
|
+
:use_accelerate_endpoint,
|
13
14
|
default: false,
|
14
15
|
doc_type: 'Boolean',
|
15
16
|
docstring: <<-DOCS)
|
16
17
|
When set to `true`, accelerated bucket endpoints will be used
|
17
18
|
for all object operations. You must first enable accelerate for
|
18
|
-
each bucket.
|
19
|
+
each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
|
19
20
|
DOCS
|
20
21
|
|
21
22
|
def add_handlers(handlers, config)
|
22
23
|
operations = config.api.operation_names - [
|
23
|
-
:create_bucket, :list_buckets, :delete_bucket
|
24
|
+
:create_bucket, :list_buckets, :delete_bucket
|
24
25
|
]
|
25
|
-
handlers
|
26
|
-
|
26
|
+
# Need 2 handlers so that the context can be set for other plugins
|
27
|
+
# and to remove :use_accelerate_endpoint from the params.
|
28
|
+
handlers.add(
|
29
|
+
OptionHandler, step: :initialize, operations: operations
|
30
|
+
)
|
31
|
+
handlers.add(
|
32
|
+
AccelerateHandler, step: :build, priority: 0, operations: operations
|
33
|
+
)
|
27
34
|
end
|
28
35
|
|
29
36
|
# @api private
|
30
37
|
class OptionHandler < Seahorse::Client::Handler
|
31
38
|
def call(context)
|
32
|
-
|
33
|
-
|
39
|
+
# Support client configuration and per-operation configuration
|
40
|
+
if context.params.is_a?(Hash)
|
41
|
+
accelerate = context.params.delete(:use_accelerate_endpoint)
|
42
|
+
end
|
43
|
+
if accelerate.nil?
|
44
|
+
accelerate = context.config.use_accelerate_endpoint
|
45
|
+
end
|
34
46
|
context[:use_accelerate_endpoint] = accelerate
|
35
47
|
@handler.call(context)
|
36
48
|
end
|
@@ -38,39 +50,24 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3
|
|
38
50
|
|
39
51
|
# @api private
|
40
52
|
class AccelerateHandler < Seahorse::Client::Handler
|
41
|
-
|
42
53
|
def call(context)
|
43
54
|
if context[:use_accelerate_endpoint]
|
44
|
-
|
45
|
-
|
46
|
-
else
|
47
|
-
use_accelerate_endpoint(context)
|
48
|
-
end
|
55
|
+
dualstack = !!context[:use_dualstack_endpoint]
|
56
|
+
use_accelerate_endpoint(context, dualstack)
|
49
57
|
end
|
50
58
|
@handler.call(context)
|
51
59
|
end
|
52
60
|
|
53
61
|
private
|
54
62
|
|
55
|
-
def use_accelerate_endpoint(context)
|
56
|
-
bucket_name = context.params[:bucket]
|
57
|
-
validate_bucket_name!(bucket_name)
|
58
|
-
endpoint = URI.parse(context.http_request.endpoint.to_s)
|
59
|
-
endpoint.scheme = 'https'
|
60
|
-
endpoint.port = 443
|
61
|
-
endpoint.host = "#{bucket_name}.s3-accelerate.amazonaws.com"
|
62
|
-
context.http_request.endpoint = endpoint.to_s
|
63
|
-
# s3 accelerate endpoint doesn't work with 'expect' header
|
64
|
-
context.http_request.headers.delete('expect')
|
65
|
-
end
|
66
|
-
|
67
|
-
def use_combined_accelerate_dualstack_endpoint(context)
|
63
|
+
def use_accelerate_endpoint(context, dualstack)
|
68
64
|
bucket_name = context.params[:bucket]
|
69
65
|
validate_bucket_name!(bucket_name)
|
70
66
|
endpoint = URI.parse(context.http_request.endpoint.to_s)
|
71
67
|
endpoint.scheme = 'https'
|
72
68
|
endpoint.port = 443
|
73
|
-
endpoint.host = "#{bucket_name}.s3-accelerate
|
69
|
+
endpoint.host = "#{bucket_name}.s3-accelerate"\
|
70
|
+
"#{'.dualstack' if dualstack}.amazonaws.com"
|
74
71
|
context.http_request.endpoint = endpoint.to_s
|
75
72
|
# s3 accelerate endpoint doesn't work with 'expect' header
|
76
73
|
context.http_request.headers.delete('expect')
|
@@ -78,17 +75,11 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3
|
|
78
75
|
|
79
76
|
def validate_bucket_name!(bucket_name)
|
80
77
|
unless BucketDns.dns_compatible?(bucket_name, _ssl = true)
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
end
|
85
|
-
if bucket_name.include?('.')
|
86
|
-
msg = "unable to use `accelerate: true` on buckets with dots"
|
87
|
-
msg << "in their name: #{bucket_name.inspect}"
|
88
|
-
raise ArgumentError, msg
|
78
|
+
raise ArgumentError,
|
79
|
+
'Unable to use `use_accelerate_endpoint: true` on buckets '\
|
80
|
+
'with non-DNS compatible names.'
|
89
81
|
end
|
90
82
|
end
|
91
|
-
|
92
83
|
end
|
93
84
|
end
|
94
85
|
end
|
@@ -0,0 +1,187 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative '../arn/access_point_arn'
|
4
|
+
require_relative '../arn/outpost_access_point_arn'
|
5
|
+
|
6
|
+
module Aws
|
7
|
+
module S3
|
8
|
+
module Plugins
|
9
|
+
# When an accesspoint ARN is provided for :bucket in S3 operations, this
|
10
|
+
# plugin resolves the request endpoint from the ARN when possible.
|
11
|
+
# @api private
|
12
|
+
class ARN < Seahorse::Client::Plugin
|
13
|
+
option(
|
14
|
+
:s3_use_arn_region,
|
15
|
+
default: true,
|
16
|
+
doc_type: 'Boolean',
|
17
|
+
docstring: <<-DOCS) do |cfg|
|
18
|
+
For S3 ARNs passed into the `:bucket` parameter, this option will
|
19
|
+
use the region in the ARN, allowing for cross-region requests to
|
20
|
+
be made. Set to `false` to use the client's region instead.
|
21
|
+
DOCS
|
22
|
+
resolve_s3_use_arn_region(cfg)
|
23
|
+
end
|
24
|
+
|
25
|
+
def add_handlers(handlers, _config)
|
26
|
+
handlers.add(Handler)
|
27
|
+
end
|
28
|
+
|
29
|
+
class Handler < Seahorse::Client::Handler
|
30
|
+
def call(context)
|
31
|
+
bucket_member = _bucket_member(context.operation.input.shape)
|
32
|
+
if bucket_member && (bucket = context.params[bucket_member])
|
33
|
+
resolved_region, arn = ARN.resolve_arn!(
|
34
|
+
bucket,
|
35
|
+
context.config.region,
|
36
|
+
context.config.s3_use_arn_region
|
37
|
+
)
|
38
|
+
if arn
|
39
|
+
validate_config!(context, arn)
|
40
|
+
|
41
|
+
ARN.resolve_url!(
|
42
|
+
context.http_request.endpoint,
|
43
|
+
arn,
|
44
|
+
resolved_region,
|
45
|
+
extract_dualstack_config!(context)
|
46
|
+
)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
@handler.call(context)
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def _bucket_member(input)
|
55
|
+
input.members.each do |member, ref|
|
56
|
+
return member if ref.shape.name == 'BucketName'
|
57
|
+
end
|
58
|
+
nil
|
59
|
+
end
|
60
|
+
|
61
|
+
# other plugins use dualstack so disable it when we're done
|
62
|
+
def extract_dualstack_config!(context)
|
63
|
+
dualstack = context[:use_dualstack_endpoint]
|
64
|
+
context[:use_dualstack_endpoint] = false if dualstack
|
65
|
+
dualstack
|
66
|
+
end
|
67
|
+
|
68
|
+
def validate_config!(context, arn)
|
69
|
+
unless context.config.regional_endpoint
|
70
|
+
raise ArgumentError,
|
71
|
+
'Cannot provide both an Access Point ARN and setting '\
|
72
|
+
':endpoint.'
|
73
|
+
end
|
74
|
+
|
75
|
+
if context.config.force_path_style
|
76
|
+
raise ArgumentError,
|
77
|
+
'Cannot provide both an Access Point ARN and setting '\
|
78
|
+
':force_path_style to true.'
|
79
|
+
end
|
80
|
+
|
81
|
+
if context.config.use_accelerate_endpoint
|
82
|
+
raise ArgumentError,
|
83
|
+
'Cannot provide both an Access Point ARN and setting '\
|
84
|
+
':use_accelerate_endpoint to true.'
|
85
|
+
end
|
86
|
+
|
87
|
+
if !arn.support_dualstack? && context[:use_dualstack_endpoint]
|
88
|
+
raise ArgumentError,
|
89
|
+
'Cannot provide both an Outpost Access Point ARN and '\
|
90
|
+
'setting :use_dualstack_endpoint to true.'
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
class << self
|
96
|
+
# @api private
|
97
|
+
def resolve_arn!(member_value, region, use_arn_region)
|
98
|
+
if Aws::ARNParser.arn?(member_value)
|
99
|
+
arn = Aws::ARNParser.parse(member_value)
|
100
|
+
if arn.resource.start_with?('accesspoint')
|
101
|
+
s3_arn = Aws::S3::AccessPointARN.new(arn.to_h)
|
102
|
+
elsif arn.resource.start_with?('outpost')
|
103
|
+
s3_arn = Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
104
|
+
else
|
105
|
+
raise ArgumentError,
|
106
|
+
'Only Access Point and Outpost Access Point type ARNs '\
|
107
|
+
'are currently supported.'
|
108
|
+
end
|
109
|
+
s3_arn.validate_arn!
|
110
|
+
validate_region_config!(s3_arn, region, use_arn_region)
|
111
|
+
region = s3_arn.region if use_arn_region
|
112
|
+
[region, s3_arn]
|
113
|
+
else
|
114
|
+
[region]
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
# @api private
|
119
|
+
def resolve_url!(url, arn, region, dualstack = false)
|
120
|
+
url.host = arn.host_url(region, dualstack)
|
121
|
+
url.path = url_path(url.path, arn)
|
122
|
+
url
|
123
|
+
end
|
124
|
+
|
125
|
+
private
|
126
|
+
|
127
|
+
def resolve_s3_use_arn_region(cfg)
|
128
|
+
value = ENV['AWS_S3_USE_ARN_REGION'] ||
|
129
|
+
Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
|
130
|
+
'true'
|
131
|
+
value = Aws::Util.str_2_bool(value)
|
132
|
+
# Raise if provided value is not true or false
|
133
|
+
if value.nil?
|
134
|
+
raise ArgumentError,
|
135
|
+
'Must provide either `true` or `false` for '\
|
136
|
+
's3_use_arn_region profile option or for '\
|
137
|
+
"ENV['AWS_S3_USE_ARN_REGION']"
|
138
|
+
end
|
139
|
+
value
|
140
|
+
end
|
141
|
+
|
142
|
+
# Remove ARN from the path since it was substituted already
|
143
|
+
# This only works because accesspoints care about the URL
|
144
|
+
def url_path(path, arn)
|
145
|
+
path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
|
146
|
+
.sub("/#{arn}", '')
|
147
|
+
"/#{path}" unless path =~ /^\//
|
148
|
+
path
|
149
|
+
end
|
150
|
+
|
151
|
+
def validate_region_config!(arn, region, use_arn_region)
|
152
|
+
fips = arn.support_fips?
|
153
|
+
|
154
|
+
# s3-external-1 is specific just to s3 and not part of partitions
|
155
|
+
# aws-global is a partition region
|
156
|
+
unless arn.partition == 'aws' &&
|
157
|
+
(region == 's3-external-1' || region == 'aws-global')
|
158
|
+
if !fips && arn.region.include?('fips')
|
159
|
+
raise ArgumentError,
|
160
|
+
'FIPS region ARNs are not supported for this type of ARN.'
|
161
|
+
end
|
162
|
+
|
163
|
+
if !fips && !use_arn_region && region.include?('fips')
|
164
|
+
raise ArgumentError,
|
165
|
+
'FIPS client regions are not supported for this type of '\
|
166
|
+
'ARN without s3_use_arn_region.'
|
167
|
+
end
|
168
|
+
|
169
|
+
# if it's a fips region, attempt to normalize it
|
170
|
+
if fips || use_arn_region
|
171
|
+
region = region.gsub('fips-', '').gsub('-fips', '')
|
172
|
+
end
|
173
|
+
if use_arn_region &&
|
174
|
+
!Aws::Partitions.partition(arn.partition).region?(region)
|
175
|
+
raise Aws::Errors::InvalidARNPartitionError
|
176
|
+
end
|
177
|
+
|
178
|
+
if !use_arn_region && region != arn.region
|
179
|
+
raise Aws::Errors::InvalidARNRegionError
|
180
|
+
end
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
184
|
+
end
|
185
|
+
end
|
186
|
+
end
|
187
|
+
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Aws
|
2
4
|
module S3
|
3
5
|
module Plugins
|
@@ -71,8 +73,6 @@ request URI and never moved to the host as a sub-domain.
|
|
71
73
|
end
|
72
74
|
end
|
73
75
|
|
74
|
-
# Checks for a valid RFC-3986 host name
|
75
|
-
# @see https://tools.ietf.org/html/rfc3986#section-3.2.2
|
76
76
|
# @param [String] bucket_name
|
77
77
|
# @return [Boolean]
|
78
78
|
def valid_subdomain?(bucket_name)
|